Excel output for Visibility refers to Detection score, not Visibility score

Question

Excel output for Visibility refers to Detection score, not Visibility score

tailsec opened this issue a year ago · 1 comments

When looking to visualise the Visibility for the Credential Stuffing technique, the yaml file shows there are different scores for Detection (-1) and Visibility (2)

Generating the Excel output gives a value of -1, which appears to stem from the Detection score:

(venv) user@ubuntu:/opt/DeTTECT$ python dettect.py v -ft sample-data/techniques-administration-endpoints.yaml -e
File written:   output/techniques.xlsx

Whereas generating a Navigator Layer provides the correct value of 2:

(venv) user@ubuntu:/opt/DeTTECT$ python dettect.py v -ft sample-data/techniques-administration-endpoints.yaml -l
File written:   output/visibility_example_1.json

Answer 1 · 2023-03-15T15:45:18.000Z

hi @tailsec

In the excel file there are two worksheets. One for detections, one for visibility. The one in your screenshot is for detections, so please look at the second sheet in that file. There you will find the visibility view.